CVE-2021-43829
HIGH 7.4
Description
PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7, PatrowlManager handles uploaded files without restriction in the findings import feature. This vulnerability allows dangerous file types to be uploaded to the server, leading to XSS attacks and potentially other forms of code injection. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds for this issue.
CVE details
CVSS v3.1 score: 7.4
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 12/14/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
patrowl:patrowlmanager
Weaknesses (CWE)
CWE-434
References
https://github.com/Patrowl/PatrowlManager/commit/2287c9715d2e7ef11b44bb0ad4a57727654f2203 (security-advisories@github.com)
https://github.com/Patrowl/PatrowlManager/security/advisories/GHSA-5hc9-6hq4-2xfx (security-advisories@github.com)
https://huntr.dev/bounties/17324785-f83a-4058-ac40-03f2bfa16399/ (security-advisories@github.com)
https://github.com/Patrowl/PatrowlManager/commit/2287c9715d2e7ef11b44bb0ad4a57727654f2203 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Patrowl/PatrowlManager/security/advisories/GHSA-5hc9-6hq4-2xfx (af854a3a-2127-422b-91ae-364da2661108)
https://huntr.dev/bounties/17324785-f83a-4058-ac40-03f2bfa16399/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.